##############################################################################################################
# Server config
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
Include /etc/proftpd/modules.conf
ServerType standalone
ServerIdent off
UseIPv6 on
Port 21
SystemLog /var/log/proftpd/proftpd.log
LogFormat awstats "%t %h %u %m %f %s %b"
ScoreboardFile /var/run/proftpd.scoreboard
UseReverseDNS on
MultilineRFC2228 on
# Needed to map UIDs & GIDs to names
PersistentPasswd on
#RLimitCPU session 60 120
# Duck: do not enforce too low memory level, you can experience strange "cannot allocate" PAM errors
#RLimitMemory 50M 70M
RLimitOpenFiles 100 128
MaxInstances 30
MaxConnectionRate 11
# This is used for FTPS connections
Include /etc/proftpd/tls.conf
# Automatic bans
Include /etc/proftpd/ban.conf
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd.sock
ControlsACLs all allow user root
AdminControlsEngine off
BanControlsACLs all allow user root
##############################################################################################################
# Global config (affect main server and every vhost)
#
PassivePorts 49152 65534
tcpNoDelay on
ExtendedLog /var/log/proftpd/xferlog read,write awstats
TransferLog none
TimeoutLogin 60
TimeoutSession 10800
TimeoutStalled 300
TimeoutNoTransfer 300
TimeoutIdle 600
MaxClients 10
MaxClientsPerHost 3
User proftpd
Group nogroup
AuthPAM no
RootLogin off
RequireValidShell no
IdentLookups on
AllowRetrieveRestart on
AllowStoreRestart on
CapabilitiesEngine on
CapabilitiesSet -CAP_CHOWN
# This feature is great but conflicts with Retrieve/Store restart, it SUX !!!
HiddenStores off
# Allow FXP for DC users
AllowForeignAddress on
#TransferRate APPE,STOR,STOU 60.0:1024
#TransferRate RETR 320.0:1024
DenyFilter \*.*/
PathDenyFilter "(\.ftpaccess)$"
DeflateEngine on
Umask 022
ListOptions "-l"
TimesGMT off
DisplayLogin welcome.msg
DisplayChdir .message true
DisplayReadme README
##############################################################################################################
# Main instance config
#
ServerName "DuckLand FTP Server"
SocketBindTight on
DefaultAddress 127.0.0.1 ::1 193.200.43.161 2001:67c:1740:a000::1
#DefaultAddress elwing.hq.duckcorp.org
DefaultServer on
ServerAdmin duck@duckcorp.org
DefaultRoot /srv/share
ShowSymlinks on
AllowOverwrite on
TLSEngine on
TLSRSACertificateFile /etc/proftpd/certs/duckcorp_ftp_dl.crt
TLSRSACertificateKeyFile /etc/proftpd/certs/duckcorp_ftp_dl.key
TLSDHParamFile /etc/proftpd/certs/duckcorp_ftp_dl.dh
# don't use "on", as it would prevent NAT connections from working
# (kernel module nf_nat_ftp would not be able to peek at PASV/PORT commands)
# (see http://www.proftpd.org/docs/howto/TLS.html for more info)
TLSRequired auth+data
# Alternative authentication frameworks
Include /etc/proftpd/ldap.conf
AllowAll
# Don't use IgnoreHidden on anything wider than READ and WRITE limit, or legitimate commands may be restricted by mistake (like PROT)
IgnoreHidden on
HideGroup root
HideNoAccess yes